<?php
session_start();

$user = $_POST['user'];
$password = $_POST['password'];
$passwordHash = md5($password);
$location = "adminLogin.php";


include("functions.php");

$unique = genKey(); //generate Unique KEY
echo "loading Admin Panel...";

$sql = "SELECT * FROM user WHERE User = '{$user}' AND Password ='{$passwordHash}'";
$result = mysql_query($sql);

$numResults = mysql_num_rows($result);

if ($numResults == 0) {
    echo "<br/> There is an Error with the info you submited";
    exit;
}

while ($row = mysql_fetch_assoc($result)) {
    if ($row["Access"] == 1) {
        $_SESSION['SESS_ADMIN_ID'] = $row['idUser'];
        $_SESSION['access'] = $row['Access'];
        $location = "adminPanel.php";
    } else {
        echo "You do not have succient privilages to enter this page";
        exit;
    }
}

mysql_free_result($result);

mysql_close($link);

header("Refresh: 1; URL=$location");